Exchange 2013 - How do I block Internet Email to a security group while allowing local email?

Posted on 2014-08-25
Last Modified: 2014-08-30
I have an in-house Exchange 2013 environment.  For ease of management for the helpdesk types and auditing purposes, I have a universal distribution group that should NOT send/receive Internet email.  They can and should send/receive email within the Exchange organization.  I am thinking Transport rules to reject based on the group membership; however, it seems like it will block the ability to send and receive local email.  Am I right with that or is there a better method to perform this action?
Question by:directpointe
    LVL 41

    Assisted Solution

    Enable Require that all senders are authenticated under DG properties. This way you are blocking internet users.
    LVL 1

    Author Comment

    I have used that on Exchange 2010, and that prevents incoming Internet email.  I have done that on individual users; however, it is rapidly becoming unmanageable (hence the transition to a group model).  The option to enable that isn't obvious in Exchange 2013, but I'm still looking.  It initially looks like I wouldn't receive email to the dist list, but the individual user could still receive it?

    How would I prevent people on that distro group from sending email out?
    LVL 1

    Accepted Solution

    discovered the "more options" that allow for some multiple checks (i.e. unless sender/recipient is inside the organization).
    LVL 41

    Expert Comment

    For your requirement, some testing is required. I normally use message restriction option in-built in Exchange, else you can try to configure a transport rule as per your requirement.
    LVL 1

    Author Closing Comment

    Combination of Amit's answer and digging into it a little further added a little more flavor to Amit's answer.  Thanks Amit for a very good launching point.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    "Migrate" an SMTP relay receive connector to a new server using info from an old server.
    Use these top 10 tips to master the art of email signature design. Create an email signature design that will easily wow recipients, promote your brand and highlight your professionalism.
    Familiarize people with the process of retrieving data from SQL Server using an Access pass-thru query. Microsoft Access is a very powerful client/server development tool. One of the ways that you can retrieve data from a SQL Server is by using a pa…
    This video discusses moving either the default database or any database to a new volume.

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now